def login_view(): next_url = request.args.get('next', default='/', type=str) if app.config.get('IGNORE_AUTH'): fake_id = 'anonymous_superuser' anonymous_superuser = models.User.query.get(fake_id) if not anonymous_superuser: anonymous_superuser = models.User( id=fake_id, email_address='*****@*****.**', superuser=True) db.session.add(anonymous_superuser) db.session.commit() login_user(anonymous_superuser) confirm_login() return redirect(next_url) # Inspired by: # http://stackoverflow.com/questions/9499286 # /using-google-oauth2-with-flask params = dict( response_type='code', client_id=app.config['GOOGLE_OAUTH2_CLIENT_ID'], redirect_uri=app.config['GOOGLE_OAUTH2_REDIRECT_URI'], scope=GOOGLE_OAUTH2_SCOPES, state=urllib.quote(next_url), ) if app.config['GOOGLE_OAUTH2_HOSTED_DOMAIN'] is not None: params['hd'] = app.config['GOOGLE_OAUTH2_HOSTED_DOMAIN'] target_url = '%s?%s' % (GOOGLE_OAUTH2_AUTH_URL, urllib.urlencode(params)) logging.debug('Redirecting user to login at url=%r', target_url) return redirect(target_url)
def login_auth(): # TODO: Handle when the 'error' parameter is present params = dict( code=request.args.get('code'), client_id=config.GOOGLE_OAUTH2_CLIENT_ID, client_secret=config.GOOGLE_OAUTH2_CLIENT_SECRET, redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI, grant_type='authorization_code' ) payload = urllib.urlencode(params) logging.debug('Posting for token to url=%r, payload=%r', GOOGLE_OAUTH2_TOKEN_URL, payload) fetch_request = urllib2.Request(GOOGLE_OAUTH2_TOKEN_URL, payload) conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS) data = conn.read() result_dict = json.loads(data) params = dict( access_token=result_dict['access_token'] ) payload = urllib.urlencode(params) target_url = '%s?%s' % (GOOGLE_OAUTH2_USERINFO_URL, payload) logging.debug('Fetching user info from url=%r', target_url) fetch_request = urllib2.Request(target_url) conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS) data = conn.read() result_dict = json.loads(data) logging.debug('Result user info dict: %r', result_dict) email_address = result_dict['email'] if not result_dict['verified_email']: abort(flask.Response('Your email address must be verified', 403)) user_id = '%s:%s' % (models.User.GOOGLE_OAUTH2, result_dict['id']) user = models.User.query.get(user_id) if not user: user = models.User(id=user_id) # Email address on the account may change, user ID will stay the same. # Do not allow the user to claim existing build invitations with their # old email address. if user.email_address != email_address: user.email_address = email_address user.last_seen = datetime.datetime.utcnow() db.session.add(user) db.session.commit() login_user(user) confirm_login() # Clear all flashed messages from the session on login. flask.get_flashed_messages() final_url = urllib.unquote(request.args.get('state')) logging.debug('User is logged in. Redirecting to url=%r', final_url) return redirect(final_url)
def manage_admins(): """Page for viewing and managing build admins.""" build = g.build # Do not show cached data db.session.add(build) db.session.refresh(build) add_form = forms.AddAdminForm() if add_form.validate_on_submit(): invitation_user_id = '%s:%s' % (models.User.EMAIL_INVITATION, add_form.email_address.data) invitation_user = models.User.query.get(invitation_user_id) if not invitation_user: invitation_user = models.User( id=invitation_user_id, email_address=add_form.email_address.data) db.session.add(invitation_user) db.session.add(build) db.session.add(invitation_user) db.session.refresh(build, lockmode='update') build.owners.append(invitation_user) save_admin_log(build, invited_new_admin=True, message=invitation_user.email_address) db.session.commit() logging.info('Added user=%r as owner to build_id=%r', invitation_user.id, build.id) return redirect(url_for('manage_admins', build_id=build.id)) add_form.build_id.data = build.id revoke_form_list = [] for user in build.owners: form = forms.RemoveAdminForm() form.user_id.data = user.id form.build_id.data = build.id form.revoke.data = True revoke_form_list.append((user, form)) return render_template('view_admins.html', build=build, add_form=add_form, revoke_form_list=revoke_form_list)